
Did monkey videos help Russian hackers access President Obama’s email?

President Barack Obama holds up his BlackBerry after he forgot it before his departure on the South Lawn of the White House in Washington on November 21, 2014. Photograph by Larry Downing — Reuters

Turns out the White House’s hacking may have involved more than a little monkey business.

When hackers breached the White House’s unclassified computer network in October, they got hold of more information than was initially reported, unnamed officials told the New York Times. And they may have done so with the help of viral ape videos—literally viral, as they infected users’ machines.

The intrusion, which has been linked to Russia, was “far more intrusive and worrisome than has been publicly acknowledged,” an official told the paper.

Beyond simply gaining access to the president’s private itinerary, the cyber intruders also appear to have obtained some of his email correspondence. This includes archives of messages sent between the president and people inside—and possibly also outside—the White House, the Times reports.

While the president’s own email account, his highly restricted BlackBerry communications, and the White House’s classified networks are not believed to have been compromised, the hackers likely got their hands on “highly sensitive” information, according to the paper. As the Times says:

But officials have conceded that the unclassified system routinely contains much information that is considered highly sensitive: schedules, email exchanges with ambassadors and diplomats, discussions of pending personnel moves and legislation, and, inevitably, some debate about policy.

How much information was accessed and how sensitive the information was have not yet been disclosed.

Despite precautions taken to segment communications on different networks—like having two computers in the offices of top staff members (a strictly internally connected and more secure one versus an externally connected and less secure one)—delicate data was at risk. Other preventative measures include delivering the president’s daily brief orally, on paper, or on a classified network-connected iPad, the Times reports.

United States secretary of defense Ashton Carter last week revealed that the Pentagon discovered allegedly Russian hackers on its unclassified systems, too, though the incidents have not been linked. A team of incident responders detected them, he said, and promptly “kicked them off the network.” (Hackers have lingered on the U.S. State Department’s unclassified network for months, the Wall Street Journal reported in February.)

“Russian actors are stealthy in their cyber tradecraft and their intentions are sometimes difficult to discern,” a recent Pentagon cyber strategy document said, Reuters reports.

The Russian cyber security firm Kaspersky Labs last week released a report alleging that the White House and earlier State Department unclassified network breaches are linked to a Russian-speaking group it calls “CozyDuke.” The attack apparently used spear-phishing emails to lure recipients into accidentally compromising their machines, either through clicking on links to hacked websites or by opening email-attached videos bundled with malware.

One of the videos, titled “Office Monkeys LOL Video.zip,” featured business-attired chimpanzees.

Screenshot of the aforementioned phony Flash video featuring monkeys. Courtesy of Kaspersky Labs’ SecureList blog.

“These videos are quickly passed around offices with delight while systems are infected in the background silently,” the Kaspersky researchers write.
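As an added defensive illustration (not from the article, Kaspersky, or F-Secure), here is a small Python checker for the lure type described above: a zip attachment whose entry is named like a video but whose bytes are a Windows executable. The entry names, magic bytes and sample archive are constructed assumptions, not the real CozyDuke payload.

```python
import io
import zipfile

# Extensions an attacker might use to make a lure look like a harmless video,
# and the Windows executable types that must never arrive inside such a zip.
VIDEO_EXTENSIONS = {".avi", ".mp4", ".mov", ".wmv", ".flv", ".swf"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def sniff(head):
    """Classify a file from its leading bytes (magic numbers), ignoring its name."""
    if head.startswith(b"MZ"):
        return "pe-executable"          # Windows PE/DOS header
    if head[:3] in (b"FWS", b"CWS", b"ZWS"):
        return "flash-swf"              # uncompressed / zlib / LZMA Flash movie
    if head.startswith(b"RIFF") and head[8:12] == b"AVI ":
        return "avi"
    if head[4:8] == b"ftyp":
        return "mp4-iso-media"
    return "unknown"

def find_suspicious_entries(zip_bytes):
    """Return (entry name, reason) pairs for entries that look like disguised executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            base = info.filename.rsplit("/", 1)[-1].lower()
            exts = ["." + p for p in base.split(".")[1:]]
            with zf.open(info) as fh:
                kind = sniff(fh.read(16))
            if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
                findings.append((info.filename, "executable file type inside attachment"))
            elif exts and exts[-1] in VIDEO_EXTENSIONS and kind == "pe-executable":
                findings.append((info.filename, "video extension but PE executable content"))
            elif len(exts) >= 2 and exts[-2] in VIDEO_EXTENSIONS:
                findings.append((info.filename, "double extension " + "".join(exts)))
    return findings

def build_sample_zip():
    """Constructed sample archive (hypothetical, not the real CozyDuke lure):
    one entry named like a Flash video whose bytes are a PE header, one real SWF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Office Monkeys LOL Video.swf", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("real_clip.swf", b"FWS\x0a" + b"\x00" * 60)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in find_suspicious_entries(build_sample_zip()):
        print(f"FLAG {name}: {reason}")
```

A mail gateway would run a check like this on every archive attachment and quarantine on any finding, regardless of how tempting the file name looks.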

A white paper from the Finnish security firm F-Secure, released on the heels of the Kaspersky report, also analyzes the CozyDuke attack. Although the report mentions neither the White House nor the State Department—nor does it blame Russian hackers—the document does state that there is “reason to believe CozyDuke is being used to target governmental organizations and entities that work closely with such bodies.”

At the RSA Conference last week, F-Secure’s chief researcher Mikko Hyppönen told Fortune at a private press lunch that his team could not confidently attribute the CozyDuke attack to Russia with the information he then had available.

The cyber intrusions at the State Department and the White House coincided with elevated tensions between Russia and the U.S. over Ukraine.